I lead Citrix (NASDAQ:CTXS) world wide advocacy efforts with a particular focus on increasing the volume, reach and influence of Citrix's extensive portfolio of cloud solutions used by more than 260,000 customers and 100 million end users across the globe.

I'm recognized as an early innovator in the cloud computing space, as the founder of Enomaly in 2004 (Acquired by Virtustream in 2012). Enomaly was among the first to develop a self-service infrastructure as a service (IaaS) platform (ECP) circa 2005, as well as SpotCloud (2011) the first commodity style cloud computing Spot Market.

Dept. of Homeland Security Forced to Release List of Keywords Used to Monitor Social Networking Sites

If you are thinking about tweeting about clouds, pork, exercise or even Mexico, think again. Doing so may result in a closer look by the U.S. Department of Homeland Security.

In a story appearing earlier today on the U.K’s Daily Mail website, it was reported that the DHS has been forced to release a list of keywords and phrases it uses to monitor various social networking sites. The list provides a glimpse into what DHS describes as “signs of terrorist or other threats against the U.S.”

The list was posted by the Electronic Privacy Information Center who filed a request under the Freedom of Information Act, before suing to obtain the release of the documents. The documents were part of the department’s 2011 ’Analyst’s Desktop Binder‘ used by workers at their National Operations Center which instructs workers to identify ‘media reports that reflect adversely on DHS and response activities’.

The information sheds new light on how government analysts are instructed to patrol the internet searching for domestic and external threats. The Daily Mail’s article noted the Electronic Privacy Information Center wrote a letter to the House Homeland Security Subcommittee on Counter-terrorism and Intelligence, describing it’s choice of words as ‘broad, vague and ambiguous’.

What wasn’t disclosed is how the agency actually gains access to the various search engines and social networks to monitor the specified keywords. My guess is the DHS has a “special arrangement” with companies like GoogleGoogle, FacebookFacebook, MicrosoftMicrosoft, Yahoo and Twitter to gain secure direct API access. This type of access would allow it to use distributed cloud technologies to monitor the daily flow of social media and search activity in something close to real time.

I would love to learn more about the technologies used to accomplish this type of social / web monitoring. The applications for monitoring trends and social statics are fascinating when applied to other industry sectors. Given the extent of the monitoring, I’m sure this post itself is now coming up on the DHS radar, so please feel free to leave a comment with any insights.

(Update 1: Reading through the Desktop Binder, I discovered the DHS Twitter account is @dhsnocmmc1 and DHS appears to be using tweetdeck to monitor the various keywords. See Page 38 – Also interesting to note they seem to be using a Mac Mini as a server, and no password vaults. All Passwords appear to be shared in a plain text word document.)

(Update 2: On page 37, DHS instructs analysts to accept invalid SSL certificates forever without verification. Although invalid SSL warnings often appear in benign situations, they can also signal a man-in-the-middle attack. Not a good practice for the security conscious. Thanks to @obraon twitter for the tip.)

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

hey government monitoring, i will say whatever the heck i want to say for me or anyone else. my warning for extreme illimination is any government telling me what i can say do or hear….. you want a piece of me come get it, bring your body bags you will need them

FACEBOOKFRIENDS HELP US TOGETHER FOR HELPIN’ CHILDREN OF SAHEL YES !! HELP ME USING TOGETHER A PLACE WHEREVER COUNTRY FOR SELLING ALL PAINTINGS, DRAWNS, PHOTOGRAPHIES AND PICTURES YOU HAVE APPRECIATED IN MY WALL… THE PRICE OF PIECE ?? FIFTY FIFTY FOR THE ARTIST AND THE CHILDREN OF SAHEL.. YES !! WE ALL ARE ONE FOR OUR FUTURE..OUR CHILDREN… BLESSED !!

Folks, anyone can get access to the entire Twitter feed, and a surprisingly large number of people have their Facebook accounts set to “Public” without realizing it. If you put it out in the SM-world, anyone with enough time/bandwidth/computing power/money can read it.

Companies like Radian6 and Crimson Hexagon exist solely to help corporations — and yes, government agencies — sift through the massive streams of data flowing through SM platforms every day. They do this to discover how their communication campaigns are being received, or to monitor chatter during a PR crisis, or to find out about a looming PR crisis before it blows up.

DHS is not coming to knock down your door because you Tweeted about your online Mafia Assassins game. They’re looking for two things: indication that some sort of incident is imminent or underway, or public reaction to their public statements. If you read the entire Binder, you’ll see that they are specifically prohibited from collecting PII, Privately Identifiable Information, unless it appears that an actual attack in imminent.

This is not a bad thing. Imagine the type of information they could gather in a terrorist incident were to unfold in downtown NYC, with thousands of people Tweeting and posting photos of what they are witnessing. The response team might be able to build a much more complete picture of ground truth by gathering all that public information in one place and sifting through it rapidly. That’s the essence of intelligence. And it’s not evil.

Ha, Ha, Ha ! The list of “trigger” words are in the form of an innocuous jpg! Invisible to robots and hall monitors. The fear of the DHS is the beginning of wisdom. And the end of freedom. Welcome to NAZI Germany.

“Not a good practice for the security conscience.” I think the author meant “security conscious”. My goodness, people are poorly educated these days. That isn’t a typo or a misspelling (both of which SHOULD be corrected)- that’s quite the bumbling misuse of words.

Been eating low carb for over 8 years and frequently post about bacon and pork chops, maybe even ham. So if they want to monitor me, maybe they will learn about how to eat to keep their weight down, or maybe a post or two about God, or maybe how much I love my family. Not too worried.